Unrated severity · NVD Advisory · Published Jul 13, 2024 · Updated Aug 1, 2024

WP eMember < 10.6.7 - Reflected XSS via Member Edit

CVE-2024-5715

Description

Reflected XSS in wp-eMember plugin before 10.6.7 allows attackers to execute arbitrary JS in admin browsers via a crafted request.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The wp-eMember WordPress plugin prior to version 10.6.7 contains a Reflected Cross-Site Scripting (XSS) vulnerability [1]. The plugin does not sanitise and escape a parameter before outputting it back in the page in its member edit functionality, which allows injection of arbitrary web scripts [1]. This affects all versions before 10.6.7.

Exploitation

An attacker can craft a malicious URL containing the unsanitised parameter and trick a high-privilege user (such as an administrator) into clicking it [1]. No authentication is required from the attacker, but the victim must be logged into the WordPress admin area and interact with the crafted link. The Proof of Concept provided by the researcher demonstrates the reflected XSS vector [1].

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser [1]. Because the attack is reflected and targets high-privilege users, the attacker could potentially perform actions on behalf of the admin, such as creating new admin accounts, modifying site content, or extracting sensitive information [1].

Mitigation

The vulnerability is fixed in version 10.6.7 of the wp-eMember plugin [1]. Users are strongly advised to update immediately to the latest version. No other workarounds have been published [1]. The CVE is not currently listed in the Known Exploited Vulnerabilities (KEV) catalog.
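
A version check for the mitigation above, as an added example (not code from the advisory or the plugin): it reads the `Version:` header from the contents of a plugin's main PHP file and compares it numerically with the fixed release 10.6.7. The function names and the sample header are constructed for illustration, and the path to the plugin's main file is not given on this page, so the caller supplies it.

```python
import re
import sys

FIXED_VERSION = (10, 6, 7)  # first fixed release, per the advisory text

# WordPress reads plugin metadata from "Key: value" lines in the leading
# comment of the main PHP file and scans only the first 8 KB of it.
_HEADER_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.IGNORECASE | re.MULTILINE)

# Constructed sample header (not copied from the real plugin).
SAMPLE_OLD = """<?php
/*
Plugin Name: WP eMember
Version: 10.6.5
*/
"""


def plugin_version(php_source):
    """Return the Version header as a tuple of ints, or None if absent or unparseable."""
    header = _HEADER_RE.search(php_source[:8192])
    if not header:
        return None
    dotted = re.match(r"v?(\d+(?:\.\d+)*)", header.group(1))
    if not dotted:
        return None
    return tuple(int(part) for part in dotted.group(1).split("."))


def is_vulnerable(php_source):
    """True if version < 10.6.7, False if >= 10.6.7, None if it cannot be determined."""
    version = plugin_version(php_source)
    if version is None:
        return None  # treat as "needs manual review", never as "safe"
    width = max(len(version), len(FIXED_VERSION))
    pad = lambda v: v + (0,) * (width - len(v))  # so 10.6 compares as 10.6.0
    return pad(version) < pad(FIXED_VERSION)


if __name__ == "__main__":
    # Usage: python check_emember.py /path/to/plugin-main-file.php
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            source = handle.read()
    else:
        source = SAMPLE_OLD
    verdict = {True: "VULNERABLE (< 10.6.7)", False: "fixed (>= 10.6.7)", None: "unknown version"}
    print(plugin_version(source), verdict[is_vulnerable(source)])
```

A `None` result means the header was missing or unparseable and the installation should be checked by hand.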

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

References

1
